diff --git a/src/core/utils.js b/src/core/utils.js index b96b20728..fc3ea03dd 100644 --- a/src/core/utils.js +++ b/src/core/utils.js @@ -5,8 +5,11 @@ const _MS_PER_DAY = 1000 * 60 * 60 * 24; // Milliseconds per day. $.fn.safeClone = function () { var $clone = this.clone(); - // IE BUG : Placeholder text becomes actual value after deep clone on textarea + // IE 9-11 BUG : Placeholder text becomes actual value after deep clone on textarea // https://connect.microsoft.com/IE/feedback/details/781612/placeholder-text-becomes-actual-value-after-deep-clone-on-textarea + // Ref: + // https://github.com/Patternslib/Patterns/issues/412 + // https://github.com/Patternslib/Patterns/pull/410 if (window.document.documentMode) { $clone.findInclusive(":input[placeholder]").each(function (i, item) { var $item = $(item); @@ -589,7 +592,9 @@ const localized_isodate = (date) => { * Replace HTML reserved characters with html entities to add HTML for user * editing to e.g. a textarea or a contenteditable. * - * See: https://developer.mozilla.org/en-US/docs/Glossary/Entity#reserved_characters + * See: + * https://stackoverflow.com/a/22706073/1337474 + * https://developer.mozilla.org/en-US/docs/Glossary/Entity#reserved_characters * * @param {string} html - The HTML string to encode. * 
@@ -600,17 +605,21 @@ const localized_isodate = (date) => { * ``"`` will be replaced with ``"``. */ const escape_html = (html) => { - return (html || "") - .replace(/&/g, "&") // needs to be first! - .replace(//g, ">") - .replace(/"/g, """); + if (!html) { + return ""; + } + const el = document.createElement("div"); + el.appendChild(document.createTextNode(html)); + // Return escaped html and also replace quotes. + return el.innerHTML.replace(/"/g, """); }; /** * Return unescaped, raw HTML from an escaped HTML string. * - * See: https://developer.mozilla.org/en-US/docs/Glossary/Entity#reserved_characters + * See: + * https://stackoverflow.com/a/34064434/1337474 + * https://developer.mozilla.org/en-US/docs/Glossary/Entity#reserved_characters * * @param {string} escaped_html - The HTML string to decode. * @@ -621,11 +630,12 @@ const escape_html = (html) => { * ``"`` will be replaced with ``"``. */ const unescape_html = (escaped_html) => { - return (escaped_html || "") - .replace(/&/g, "&") - .replace(/</g, "<") - .replace(/>/g, ">") - .replace(/"/g, '"'); + if (!escaped_html) { + return ""; + } + const doc = new DOMParser().parseFromString(escaped_html, "text/html"); + // Return unescaped html and also unescape quote named entities. + return doc.documentElement.textContent.replace(/"/g, '"'); }; /** diff --git a/src/patterns.js b/src/patterns.js index 2a13cbecb..382d91ef6 100644 --- a/src/patterns.js +++ b/src/patterns.js @@ -5,7 +5,6 @@ // Import base import "./globals"; import registry from "./core/registry"; -import "modernizr"; // Import all used patterns for the bundle to be generated import "./core/push_kit"; 
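Review bot: In the new `escape_html` body, serialising a text node through `el.innerHTML` escapes `&`, `<`, `>` and non-breaking spaces but not single quotes, and the only extra step is the double-quote replacement on the return line, so the result is safe for element content and double-quoted attribute values only. The docstring lists the replaced characters but does not state that limit; I would add `// NOTE: single quotes are not escaped - do not place the result inside a single-quoted attribute value.` above the `return`. The function also now needs a `document` global, so a caller or test running without a DOM will throw where the old string-replace version did not, which is worth a line in the docstring as well.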
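Review bot: `unescape_html` now parses its argument as a full HTML document and returns `doc.documentElement.textContent`, which is broader than reversing `escape_html`: every named and numeric character reference is decoded, and literal tags in the input are dropped rather than passed through. The docstring still describes only the four replaced entities, so I would document the new contract, e.g. `// NOTE: input is parsed as HTML; all character references are decoded and literal markup is discarded.` Because the return value is raw markup, callers (not visible in this hunk) that assign it to `innerHTML` should sanitise it first when the source is untrusted. The HTML parser also appears to ignore leading whitespace before the first content, so an `escape_html`/`unescape_html` round-trip may not preserve it; a test with a leading-space input would confirm.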
@@ -74,4 +73,12 @@ import "@patternslib/pat-upload"; // Set to ``true`` to include core styles via JavaScript //window.__patternslib_import_styles = false; +// Include modernizr per default. +// Most of our styles depend on it. +// You might want to disable it for your project by setting: +// window.__patternslib_disable_modernizr = true; +if (!window.__patternslib_disable_modernizr) { + import("modernizr"); +} + registry.init();
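Review bot: The `import("modernizr")` call in the new `if` block returns a promise that is neither awaited nor given a rejection handler, so a failed chunk load surfaces as an unhandled rejection, and `registry.init()` on the last line no longer waits for modernizr the way the removed static import guaranteed. If patterns or styles read modernizr's feature classes at init time, this is an ordering change; that is hedged, since the registry code is outside the diff. At minimum I would write `import("modernizr").catch((e) => console.warn("modernizr could not be loaded", e));`, and extend the comment to say that `window.__patternslib_disable_modernizr` must be set before this bundle executes.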